Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-01-14...or.exe

windows7-x64

10

2025-01-14...or.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2025, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.exe

  • Size

    7.7MB

  • MD5

    2ea92aef62e2e3442061bfac63200d82

  • SHA1

    54741ea20f2f8f195383bb62e9ceb5c21375fa64

  • SHA256

    3cb768625bc63e2075e7f07e10a06822aaabb858abcfd3cc3ee44b1246c95162

  • SHA512

    2f65089554f8b979266ca559c98949906520c0544079217776d4b6bbef73040108aa44d79e2424deb252bf7eb35a8ef600cf0f18046a50a4c68bbafa01038f3b

  • SSDEEP

    49152:K3ORwRazeYFRu6cjZ72WIJfJnugVaryxMNdPyORo7veIAe+/rvATWFNyALrcVMdH:Z+6/9KN9ie3rcVZAnDhKy

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Drops file in Drivers directory 2 IoCs
  • Drops startup file 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\SysWOW64\drivers\lsass.exe
      "C:\Windows\system32\drivers\lsass.exe"
      2⤵
      • Drops file in Drivers directory
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2564
    • C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.~tmp
      "C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.~tmp"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictorSrv.exe
        C:\Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictorSrv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2276
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1256
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2084
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c16929218e59fbe184c2e4ade295f95

    SHA1

    6808788300a4828d3808c9618afffb55e0399096

    SHA256

    4fc3799d3ba928e64585cb7bc6c0863c9cdb489a41bf3c7f2773e0719b9fee8c

    SHA512

    18bcb81e7e38a1b005c9ac3093b1a7e95910b3ea74b0cddde6198460e21e3633a6116d965a71cb4632bfd9a92068b74e1595e02ff093702ae8795b09c43b41cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63980f860402cc9a06990405ea9698db

    SHA1

    e3a6ae7994fe4bfe81f99614b4615123ddc925c7

    SHA256

    da839c62ad95c61ebf70570030aa8ba48a4ac75027697cbe413662111c0c674d

    SHA512

    22b9414f4e3c78b00dce460884bd3fc530671eee01ee0d3eb3971277a625dfd5c73de445416bab3b4a4fbed98b37258b47e41b5bf8a8624c52e53e074399da20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07b24a265932993b7db731d0b0f8570a

    SHA1

    eaa02ff7d2c85aa4c662fe439ab50c048f2702fa

    SHA256

    7b79c126402c66253be1c92808c512ffd534ceae50caee1ceb0bfb22de698c03

    SHA512

    37db8403f3a03a9e453087bfe2863e32a2114cc3b7ad0e785c6386b04a11103d74c9b3f26f865e27c1f3c7efd951dad4997f881dd779d2f91bf59c713aefdc3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5a9fb9148ebe1fcb7e37a9bb924c7a0

    SHA1

    39c30aa220bc3be5e9be140059314afd8a66889d

    SHA256

    593e36a37ef33ac2cb0e50954f04d4e42c23c1ea4dc5ae66a6fedd02b492c7ba

    SHA512

    382773487d9f7de4377e7ab01f06607657662fe8e36cc8925f89ba23a433aeec45cebe1026eb4b213c802b559e35bdf42ff7dfd064bea1840a015c1b07043338

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1afca58435deb5cddeae4c9442af2429

    SHA1

    a52bb2ab0efa532767a6d0c61914fdf85bac47f2

    SHA256

    72435d3944ca997eaa2f6d5784f1688e90361000673516d03ce9979aa262bc98

    SHA512

    49afc2553d49b9476862d7e64bd82b6b73da58dcf63a8602e0757700d5cb7488185e4f22d9e461c93dd75cd6dc1b39f8aedaa442c93c7a0b14d45374235d79df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e099adf2fe859cfb7229dd7d730c06af

    SHA1

    f98b1cef75663d629de7ac8ad136da34ec27f169

    SHA256

    ae3b012bc23d996d79a06d1466111e2da9bc3dc4c8553f112b61f3b5fdc8eecd

    SHA512

    bb5e8434f525664d4c117d10f947dfa191bef93935cfcd29a34ab288bc8211f13aaf0ad486b3714939466c80365517ef5b4b63da84051db5198d10e29ce22e0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05eb0a9e896b6d27b3bab5e5a917aa24

    SHA1

    18d06aeb13ac20fb567b0f3a414a673a33971cc6

    SHA256

    6742184649c23dae1bc33fbca0853da47c8bdcb10942633d17e45d74e303382c

    SHA512

    db15d6ae2ac77ef7dad7b75bf6fc174ff117e255cf81ba9b32ad1160d96fdb69084fce49665670a7a6d9497fada34bfaf94d83de6fbca208f64df9f957ecc7e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb55b4e04563c2bbeca5181e4047f90d

    SHA1

    7127f0eb74a1ffbe93636d2ff4838e7d0b3e65ad

    SHA256

    16b38706a6e45b0ab59a643bc76a66bfe206f4bf23b8541840e4f222f1857b48

    SHA512

    7d303c5b03a424a720e2c1bc6e97a9d6c5fc8ebdaffc6fdd1e46da17f761ab8cd1cac691762108c64202b426e87bf8262596061b13164ed86c03c6142b7525b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0affb69051d2c6d7f17749ccdc9b535

    SHA1

    c057688cc61734b1326a59bdcb50e1fd2e9a29d6

    SHA256

    1c5c141a9932cfe5e64cb30799aff308eeeac2a3ff575e4f5bb651e412c2d07c

    SHA512

    989133f6d6074c744474fe8a34ff9ffe6fa71e93f174875e81aff1b9207068b0cb73bdef3df4b3b149843851d85912b6104b5ca665f4699216d84d151d13564c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b43db612a7f46fc018e422e1b732890b

    SHA1

    b8c0a6a13bd21bd41096f55b4c0a304c3aa7f74e

    SHA256

    84febd3ac77c07e1ef7f068129b97cffb49969a15b6f9bd399c72efff4b58c86

    SHA512

    a2a2940844a33026113fd1ac58a11cb3bf909a5cafb5886c328bf74a2148a0be2325a789249e075e8830f56ad2d5482153a1a979a8bd368688a2d3d49936d5e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e20dd32ac14612fa1a8df7841b115239

    SHA1

    6c72e9b44deb36aa065a1fa54ae2fadc97f4dfaa

    SHA256

    056fc91d98c39352e93fad01ac1db01ecde67a2fdd6cd18a4bc50755073765f9

    SHA512

    df52d04d19919cf31a1a1deb004803f1ac90220ff296351b405f1fa0b3caee012a2dfe57057bc2b0be2680b62a9cbf2a9db0ac20db10c721ed8b005953a7719d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72ae91ca058d2c5ad9b57697e77838de

    SHA1

    6530873e193fcc4a5e1e7409065e9eb3c170f149

    SHA256

    1726898f09fd54ed90667046ae5b683cdd444d7bb98652ba3db0760dbc099f9f

    SHA512

    9e54f5b1e83070acaacaeb4dd20f1898ab12881cf6e538069df69d26e0e9a3a7f401695a292b0773e92cfcca430ed2506f8dd5004025feb2eba9bc367342ba24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d90e7f661a068426e3be9e339f8816c3

    SHA1

    3fc40ab30866ff6a914e9233d265e0d8e1f45069

    SHA256

    e39e62432fe9e45569bfce4a951c76c0cc1eb1ed20a54013f9db20ea5c9dd34c

    SHA512

    2eee350c67762466c286f1beb4c8ec84406626299f6b031a24b2784ab77142cfe8be2e38bab7f21452a70ab17d0e4dd98453c68098ada758750a322d70a31449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0379aba9ecc7b2ab595dd905c29d1ea8

    SHA1

    fe4a1cf560397fc90d5337bbb2c939cec345e7fb

    SHA256

    11c9e0207c16752bbd603742523ae49aa985aed4c901f9f0ff41a9fde3dc37b6

    SHA512

    c316751dafc1c152793d7881123b30d32e12685995cccb2f997aefb9e31a1d05b7e9f88363e87a91bf2533d75e67c6c7eafe3a927ac1a03a7320d1d19116f503

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aee61ca6ef1c7603d8110ebdf11644e8

    SHA1

    f98cee918f4daa147b5f7ce929a57c1fdc693ef8

    SHA256

    e361c4e769cc8749277864617f3a442eba5e6eb5a429a04a9b552ac2bbde3f42

    SHA512

    99334b100d4e10c3e790b00d3e25a9c90417c30c6bbd794a668758e697046cf4378abc20b7dda2dbf5a249c4542d105a6b6c7735aea2de18b816f7ecf957b7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    714d6a0c15a68bdd5a7d1ba5d1b8cd76

    SHA1

    09d6e57f1d10c451d6b9737e9839505182b9fcd2

    SHA256

    d9e262d77c0a0b8266be26bc708e37c32d1caf3f57046ad3404b734cfd94829a

    SHA512

    c48f8020308309550c3ec550380dda2b137843dde82cbbde0f946128f0784634594588c93d5bc3cff16a8c8f96044704e93f800ec24bd54ac5b551087151fd6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5C2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC623.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictor.~tmp
    Filesize

    7.6MB

    MD5

    7dad81914d8bb0bf4fcabf067305a999

    SHA1

    602440c638cd7b5cfa3d666bf5b145ebf8e954df

    SHA256

    10244d53e27a2385c491ef411f029ee07aec3baf087b665010a624d51a31965b

    SHA512

    cf61740bb07a2244b9aa28df4e86b1d9869568fdf2a676737c2e8da3e34998ba87566969bde5839382f6913c44277819621610fba402c14118174555de66e12d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-14_2ea92aef62e2e3442061bfac63200d82_icedid_ramnit_ruftar_strictorSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • \Windows\SysWOW64\drivers\lsass.exe
    Filesize

    32KB

    MD5

    c451134261557ae5fe1ee308d0ae1b98

    SHA1

    e55a9ddd2e3b3083a76d091b13748f55c2caeae3

    SHA256

    c5eb765654730a8a3dc53997549d97542b419cc5f3fccb9d4a487d1a04dd6481

    SHA512

    5e9606529d2fea3ac3932f7f08fddc13497f9b3dfe66d61dfa14a68cd37d12cb40dd2a7071c6d8db346cfceded2b2947ec1d3c0291b15d250b75aee7adf52be3

    Download Submit

  • memory/1256-33-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1256-37-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1256-35-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1724-27-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1724-24-0x0000000001100000-0x00000000018A7000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1724-39-0x0000000001100000-0x00000000018A7000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2276-25-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2276-26-0x0000000000240000-0x000000000024F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2564-468-0x0000000000320000-0x0000000000322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2896-16-0x0000000002A90000-0x0000000003237000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2896-38-0x0000000002A90000-0x0000000003237000-memory.dmp

    Filesize

    7.7MB

    Download